WTA Urges Teleport Operators to Improve on Cybersecurity
[Via Satellite 08-05-2015] A new report by the World Teleport Association (WTA) finds that cybersecurity is a growing concern in the satellite industry, and an issue that not all companies are adequately prepared to protect against. As hacking equipment and techniques continue to evolve and instances of attacks become ever-more prevalent, teleport operators and companies in the satellite ecosystem will likely have to invest time and resources to protect against attacks, something that is liable to become a cost of doing business for the industry.
Satellites present inherent vulnerabilities to cyber attacks, according to the report, in that their signals travel through air and space, which creates a potential for anyone in the footprint with proper motivation and equipment to interfere with RF signals. As a signal moving between satellite and terrestrial navigates a considerable chain of equipment at the teleport, most of which has been Internet Protocol (IP)-enabled to allow engineers remote access through a standard data network, should a cyber attack gain control over these devices through the teleport’s internal network, outside entities could obtain access to the satellite ecosystem.
These instances open the door to three major threats: Denial of Service (DoS), which the report finds has historically been the most common issue; malware, which distributes viruses across a company’s systems; and targeted attacks to steal information from organizations or governments.
“The attackers have the goal to steal or eavesdrop on the data, to corrupt or change the data or deny the availability of systems,” explained Peggy Rowe, vice president of software and cyber solutions at DataPath. “The entry points are anything that are touching the network: satellite ground control stations, earth terminals, satellite in the air and over the air — anything that is connecting to the network is a point of entry for the attacker, so they’re looking for weak points at all segments.”
In this way, a weakness at one subsystem can allow entry into another subsystem that was inherently protected.
There is particular concern regarding the potential to hack into tracking, telemetry and control subsystems, which may enable an outside source to gain control of the satellite. This threat became a reality for NASA in 2007 and 2008 when Chinese hackers gained access to the control systems of NASA satellites for a number of minutes, although the hackers chose to do nothing, as confirmed by a 2011 report on the attacks issued by the U.S. Congress.
And as systems evolve, threats are evolving with them. As companies have recently made the switch to IP-enabled equipment, more access points are popping up for cyber attacks.
“In the last 10 years both satellite and teleport operators on the ground, as well as other players in the satellite ecosystem, have put a lot of equipment into their operations that are all IP-enabled. They made the switch to IP because it created a lot of cost savings in terms of their internal networks and created a great opportunity for control,” said Robert Bell, executive director of the WTA. “But, every time you have a device that touches the network and talks Internet Protocol, you are creating another threat. People are beginning to look at that and think about it because all that equipment is through the transmission chain.”
While the main adversaries include competing governments and corporations, criminals and disgruntled employees, human factors can leave a system unintentionally vulnerable.
“There are three areas of threat hitting the network of your service provider,” explained Bell. “There is, of course the Internet, because you have to be connected to it, but there are also vendors who may be coming onto your premises or coming in remotely to your network and then there are customers who want to get into your network to check the status of their services. Each of those brings with it the door opening to a threat.”
When it comes to current protocols for protecting against current and evolving threats, Bell found that there was a wide disparity between companies. While some bone up on security to the highest degree, others see it as a problem for the customer. “That is an issue, because your threat profile is based partially on how visible you are as a target,” said Bell. “But we’re all pretty much at risk. And as the hacker’s tools get easier to use and more widespread, the level of threat is going to go up.”
To protect against current and evolving threats, Bell recommends “constant vigilance” for teleport operators and Rowe points to proactive measures companies can take to thwart an attack before it occurs. “Stakeholders tend to focus on detection of the threat and not enough on preventing the threat,” said Rowe.
When it comes to prevention, a company can implement some best practices, which often involve bringing in third party organization to conduct vulnerability testing and outsource cybersecurity services or employ internal information security specialists. A company can also look to achieve ISO 27000 certification — a family of standards set up to help keep information secure.
With such a broad disparity in teleport operators, ranging from well-established, publicly owned organizations to small, entrepreneurial companies, not all practices can be implemented equally across the satellite industry. Still, “doing something is better than doing nothing,” said Rowe. Companies can look to mitigate threats in a way that may fit their budget, or perhaps look to address their most worrisome threats. The most important thing, however, is to begin protecting against threats to teleports and satellites now.
“Fundamentally, these threats are to individual organizations and networks, but looking forward to the future threat — the ability to control a satellite when you’re not the owner and the ability to get into the transmission chain and affect it — that’s serious stuff,” said Bell. “We haven’t seen the cases yet that we know of, but that’s the area where if the industry doesn’t pick up its level of vigilance and make it more consistent, you’re going to begin some see some systemic risk to the industry. It’s not today’s threat but today is the time to start working on it because it’s going to be tomorrow’s threat.”